- Solutions
Our solutions
Digital solutions combining strategy, technology, automation and people.
Technology advisory
Navigate the fast-changing world
Cloud engineering
Transformational change at scale and speed
Data solutions
Realise the untapped potential of data
AI and machine learning
Leverage your data assets
Application engineering
Optimise and grow your digital investment
Maintenance and support
End-to-end application management
Business process solutions
Manage business processes to reduce operating costs
Quality solutions
Independent testing for your systems and software
Digital experience platforms
Redesign your digital assets for the optimal customer experience
- Industries
Industries
We provide solutions tailored to your sector to assist you in identifying opportunities, realising value and opening up new markets.
Financial services
Insurance, risk management, banks, and fintech
Healthcare
Patient empowerment, lifesciences, and pharma
Retail
Functional and emotional customer experiences online and in-store
Travel
Airlines, online travel giants, niche disruptors
Media and publishing
Content consumption for the tech-driven audience
Hi-tech and IOT
Real-time information and operational agility and flexibility to respond to market changes
Logistics and supply chain
Reimagine a supply chain that is more flexible and resilient to change
Education
Create an exciting and engaging digital experience for students and departments
- Our thinking
Our thinking
The latest updates to help future-focused organisations on the issues that matter most in business.
News
Keep up to date with company news and announcements at NashTech
Digital Leadership Report
Explore insights from the latest world's largest and longest-running study on technology leadership
Insights
The latest expertise and thought leadership from the NashTech and our clients
Resources
Expert guidance on everything from complex technological issues to current trends
- Case studies
- About us
About us
Find out what makes us who we are
Leadership
The diverse leadership team at NashTech
Nash Squared
A global professional services organisation with three key areas of focus
Vietnam 360°
Experience a 360 degree all-encompassing virtual tour of NashTech’s Vietnam offices
ESG
Discover our environmental, social and governance commitments
Diversity, equality and inclusion
Making diversity, equality and inclusion an integral part of our culture
Our locations
Discover our network of global offices, centres of excellence and innovation
- English
Cyber threats shift: AI and quantum rise as reported attacks decline
Nash Squared CISO, Jim Tiller, talks about the surprising cyberattack data in our 2023 Digital Leadership Report, what might be behind it and what to look out for in the future. This article first appeared on ComputerWeekly.com.
Every week, we continue to read in the press or hear from our networks about another major cyber incident somewhere.
On the face of it, therefore, one of the most surprising findings from this year’s Nash Squared Digital Leadership Report is that major cyberattacks are falling.
In its 25th year of publication, the report found that across more than 2,100 technology/digital leaders surveyed globally, the proportion experiencing a major cyberattack in the last two years has fallen to 23%, down from 28% in our 2022 report. Amongst large organisations specifically, a higher proportion report a major incident – nearly half, at 44%. But there has been an even bigger fall here from 2022 when it was 56%.
Changing perspectives on cyberattacks
I believe this shows that our perspectives on cyberattacks are changing. Quite simply, there are so many attacks now that cyber and technology professionals have become hardened to them, and what they class as ‘major’ has changed.
Whereas a few years ago, a short DDoS (Distributed Denial of Service) or small data breach might have been a major crisis that sparked a midnight call to the CEO, now it’s become much more ‘routine’.
Our view of cyber risk is changing. The bar has been raised on what constitutes a major attack. It’s another example of how humans are quick to recharacterise the environment around them.
Continuing battle
There could be a positive deduction to draw out of this, too. It may also be the case that more organisations are strengthening their cyber defences and heading attacks off.
Certainly, some sectors like financial services and central government continue to raise their game (while others continue to lag), investing in sophisticated protection systems, threat detection and response capabilities, as well as continually reminding the whole workforce of the importance of good cybersecurity protocols.
However, even the most advanced organisations continue to be attacked. Hackers aren’t going to give up because they haven’t got through. If anything, it makes them try harder.
It’s a numbers game, after all. And their tools and techniques are shifting and becoming more sophisticated all the time. No organisation can afford to let up on their cybersecurity posture for even a moment.
Unfortunately, we can’t take the headline finding as a sign that businesses are ‘winning’ the cyber battle. It’s more nuanced and complicated than that. And the very moment you tell yourself you are winning is probably the moment you open yourself up to fail!
Raising the stakes: new threats from generative AI
There’s another reason why we can’t become complacent: new threats are coming that could dwarf anything we have seen to date.
Generative AI has become today’s hot ticket, with seemingly every business trying to work out how to leverage its incredible capabilities. But while generative AI holds enormous positive potential, it could also be a gift to the cyber criminals.
The communique signed by attendees in advance of the UK government’s AI summit of world leaders warned that AI systems could be used to launch cyberattacks and create bioweapons, and that it is “especially urgent” to address the risks.
The success of cyberattacks is often dependent on their ability to scale – swamping and overwhelming an organisation’s defences – and their ability to mimic real humans (as in a phishing campaign). It doesn’t take long to see how generative AI could help a cyber attacker with both of these.
We are already seeing instances of incredibly convincing, tailored phishing emails that appear to have been generated with AI. In time, the success rate of phishing campaigns could leap exponentially, from the present level of about 0.1% to anywhere around 20%. The implications are sobering.
Phishing would only be the start. Cyber criminals are also engaging in what’s been termed as ‘AI poisoning’, infecting the content that is subsumed into the learning process of an AI algorithm so that it becomes untrue, biased or downright malicious.
This could then be replicated and massively multiplied across systems and networks with terrible consequences.
There is also malware. So far, generative AI’s coding abilities have been relatively basic. But it is improving at exponential rates – much faster than a human can learn. It may not be long before generative AI can develop malicious code that is almost impossible to block.
Malware potency could hit new levels, and the cyber industry will need all its skill and investment (and some help from ‘good’ AI) to combat it.
The quantum risk
Then there is quantum computing. We are already beginning to see Quantum as a Service (QaaS) being offered where quantum mainframes are made available to users.
It may not be long before we see the networking challenges of quantum being solved so that quantum computing becomes available on a mass scale. Users, including cyber criminals, could have access to thousands if not tens of thousands of qubits.
This will put almost unimaginable computing and processing power into users’ hands. From a cybersecurity perspective, most encryption would instantly be rendered useless.
All of a sudden, customers’ secure transactions to their bank or all the data transmitted over a VPN would no longer be protected.
In fact, every secure interaction anyone has ever made would be likely to be collected, allowing adversaries to go back and decrypt all those communications. The underlying basis of blockchain could crumble, permitting the ability to rewrite financial history.
That kind of quantum scenario may be a little way off – and hopefully defences and mitigations would be invented at the same kind of speed.
Keeping up the fight
There is no doubt that, with the new and emerging technologies that are coming, the cyber challenge could be massively amplified.
That’s why organisations simply have to keep on investing in their defences and get used to the thought that the battle is never over, and never won.
-ENDS-
The author is Jim Tiller, CISO, Nash Squared. The Nash Squared Digital Leadership Report 2023 is based on the world’s largest and longest running annual survey of technology/digital leadership. Over the last 25 years, the research has taken in the views of over 50,000 technology leaders. To register to receive a copy of the report, click here.
Suggested articles
From rising above adversity to riding the wave of digital transformation in the education sector
Explore how NashTech help Trinity College London ride the wave of digital transformation in the education sector
Migrating and modernising the virtual learning environment to AWS for an enhanced experience
The migrated and modernised Moodle infrastructure means that The Open University can now take advantage of cloud benefits.
A glimpse into a year-long RPA journey with a leading digital advertising service
A glimpse into a year-long RPA journey with a leading digital advertising services and solutions provider and how NashTech helped them.
We help you understand your technology journey, navigate the complex world of data, digitise business process or provide a seamless user experience
- Topics: